-
Notifications
You must be signed in to change notification settings - Fork 0
/
setup.psql
53 lines (44 loc) · 1.51 KB
/
setup.psql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
begin;
create user bgpd
password :'BGPD_PASSWORD'; -- Grab password from psql vars
comment on role bgpd is
$$The bgpd user is used by the bgpd daemon to manage routes$$;
create user authenticator noinherit
password :'AUTHENTICATOR_PASSWORD'; -- Grab password from psql vars
comment on role authenticator is
$$The authenticator user is used to pivot into other roles.
It should have no permissions itself$$;
create role anon;
comment on role anon is
$$The anon user should only be able to see/do what we expect an anonymous member of the public to be able to do$$;
grant anon to authenticator;
-- Create schema as a non-superuser
create role provisioner;
grant provisioner to current_user;
create schema v1 authorization provisioner;
set role provisioner;
grant usage on schema v1 to anon;
create table routes(
peer_ip_src inet not null,
subnet cidr not null,
primary key (peer_ip_src, subnet),
as_path bigint[] not null,
bgp_nexthop inet,
local_pref int
);
grant all on routes to bgpd;
create view v1.routes as select * from routes;
comment on view v1.routes is
'Advertised routes';
comment on column v1.routes.peer_ip_src is
'Peer this route advertisement came from';
comment on column v1.routes.subnet is
'Subnet/Route advertised';
comment on column v1.routes.as_path is
'AS Path declared by peer';
comment on column v1.routes.bgp_nexthop is
'Next BGP peer as declared by peer';
comment on column v1.routes.local_pref is
$$Peer's local preference for this route$$;
grant select on v1.routes to anon;
commit;